Share this post

Link to post

Share on other sites

I think data destruction would be easier if we applied Kerckhoff's Principle. In crypto, this is the rule that say we should rely on a very small, simple secret (i.e. key) rather than a complicated or large secret (i.e. algorithm). The idea is that keys are easier to replace, transmit or destroy if necessary. This same principle can be applied to data destruction using crypto. Encrypting something and loosing the key is equivalent to secure destruction of data, so long as crypto scheme is sound and keys are truly random and unrecoverable. This leads us to schemes like the simple one below:

2. Header is stored in one of following ways: close to beginning of physical disk; dedicated partition; on external USB stick, and encrypted

3. Header design incorporates enough redundancy to survive common drive errors, but is still incredibly small

4. If data must be destroyed, then the header is overwritten with random data. Overwriting must be quite low-level, and file system issues make a dedicated partition (w/ predicatble file system) or an external storage device desirable.

Result: One can destroy hundreds of GB of data by overwritting only a few MB with high probability. Requires no additional hardware, but may be incompatible with OS's like Vista that go crazy when partitioned.

Some Alternatives

1. Headers stored in a RAM disk with battery-backup, like Gigabyte's iRAM. The reason headers are encrypted, and with regularly changing encryption keys, is to fill the caches of the media with lots of random data to make forensics difficult.

2. All-or-Nothing-Encryption scheme produces the key. Applied to a track of data, divided into fixed-sized blocks, as key step in producing a key. Several tracks are used, each leading to valid key, for redundancy. However, since the blocks alternate, most of the first parts of the track are at beginning of disk: Track1-Block1, Track2-Block1, Track3-Block1, Track1-Block2, Track2-Block2, and so on. Regardless of which track is used, the whole track is necessary. Due to this property and their layout, an overwrite on or destruction of small part of the storage medium results in secure destruction of all data.

3. Use of tamper-resistant, certified hardware to generate, store and destroy nonces. Best described with an example. Volume decryption key produced by and maintained in IBM or SafeNet cryptocard. Cards supposedly have certifiably effective methods to "zeroize" memory if an attack is detected. Defender should figure out which attacks are most obvious to hardware (guaranteed to be detected), which of those are easiest to pull off in 5 seconds, and simply do it if data capture is imminent. If its a PC card like luna, then you might just stab part of it with a screwdriver, activating secure deletion of nonce and therefore encrypted data.

All of Above: You'd want to quickly kill power on your main computer in any case, and possibly have RAM-overwriting software available for fastboot. A magnet or electrical shock to RAM might work, but I don't know much about their effectiveness to be honest. I like very predictable methods.

Note that all of these methods give us a way to securely delete a whole bunch of data by actually destroying only a small portion of it. I'm occasionally working on designs like this to find the sweet spot between guaranteed, fast data destruction and prevention of loss due to accidental failures. The designs I mentioned work in practice so long as file-systems are chosen carefully, but may hide subtle flaws. Use at your own risk.

Share this post

Link to post

Share on other sites

All roads leed to thermite. Attatch an ignitioun switch to some place it over HDD and there you go. It doesnt matter how good they are there never gonna get your data off it once its molten gloop.

And so you'll spend the next few months/years under arrest without access to anything for destruction of evidence before they go through all of your personal belongings.

Depending on what your doing, being charged for destruction of evidence instead might be a plus. It's often much worse for an offender to be charged with child pornography, espionage, etc. The courts can throw the gauntlet on someone for that, while destruction of the data may result in "we don't know what he was doing, but he was wrong to hide so we'll let him do some time for SOMETHING!" The difference in time, plus potentially avoiding other consequences like being on one of many lists, might be advantageous.

0

Share this post

Link to post

Share on other sites

i was thinking of making an enigma machine password setup that self formats after a brute attack as the password of that day would be automatically read from a usb stick in md5 and human readable files padded with the first parts of lorem ipsum to equal 512kb, and if i didnt have that stick but knew the code i'd still be able to use a limited user or something.

cause the stick also contains the weekly table generator, its useless unless the computer has that days hash in the 512kb file...

0

Share this post

Link to post

Share on other sites

...which has the exact lorem ipsum passage and the hash with human readable code too, and they dont work after midnight and will stop working if it detects the clock being behind the last known saved date or it will null single hashes past todays if inputted, so if they do end up getting wise, in the words of tourettes guy, they "cant do shit without their balls"

by then ill be out on a lesser charge or FTW

0

Share this post

Link to post

Share on other sites

Or, if you had a clean room in your house, you could rig up a system with a plastic bottle, a hose and some kind of battery powered, remotely controlled servo-valve that would dump concentrated acid into the hard drive casing.

Probably the best solution yet: You could save the money on expensive systems and ruined equipment by simply not doing illegal shit with your computer that would cause the police to break into your house in the first place!

Share this post

Link to post

Share on other sites

Came here to post something about crypto and keyfiles, army of one beat me to it.

I would second the "don't do anything illegal" bit as well except for one little detail...

"Tools of a crime" laws. In most states, for example, it's illegal for me to just walk around with lockpicks. There are licenses, however, which one can obtain to allow him or her to carry such tools under appropriate circumstances (like if I wanted to become a locksmith).

That I'm aware of, there is no such license for computer security related products, and depending on who is looking through what drives and how savvy they are, simply having some of the tools we play with legitimately we could face prosecution for possessing "tools of a crime"

That's my understanding anyway, "tools of a crime" laws seem to be worded pretty vaguely, which I suppose they'd have to be to be functional.

Share this post

Link to post

Share on other sites

Came here to post something about crypto and keyfiles, army of one beat me to it.

I would second the "don't do anything illegal" bit as well except for one little detail...

"Tools of a crime" laws. In most states, for example, it's illegal for me to just walk around with lockpicks. There are licenses, however, which one can obtain to allow him or her to carry such tools under appropriate circumstances (like if I wanted to become a locksmith).

That I'm aware of, there is no such license for computer security related products, and depending on who is looking through what drives and how savvy they are, simply having some of the tools we play with legitimately we could face prosecution for possessing "tools of a crime"

That's my understanding anyway, "tools of a crime" laws seem to be worded pretty vaguely, which I suppose they'd have to be to be functional.